Jump to content


What do these few php fields mean in my email form?

  • Please log in to reply
4 replies to this topic

#1 11Tami

  • Members
  • PipPipPip
  • Advanced Member
  • 329 posts

Posted 05 October 2006 - 02:35 AM

Hi, I have a form that sends to my email and there are a couple values in the php form that are supposed to help with spam but they don't seem to be working. Because when I change them to just anything the form still sends to my email. I am hoping someone can tell me what these do so that I can fix them to actually work and protect my form. Here they are and I have no idea what they do. Thank you!!! Tami

$http_referrer = getenv( "HTTP_REFERER" );
if (!isset($_POST['email'])) { header( "Location: $formurl" ); exit ; }
This one is at the end of my mail() string and I am supposed to list in it the name of the page with the php in it. But when I change it to anything it doesn't seem to matter. It all still sends.
"X-Mailer: chemailphp.php 2.07"

#2 .josh

  • Staff Alumni
  • .josh
  • 14,871 posts

Posted 05 October 2006 - 04:39 AM

getenv() function gets an environment variable. in this case, it's getting HTTP_REFERER. from the manual:


    The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

so your code block is first making a variable called $http_referrer that holds the HTTP_REFERER value.  Then it has a condition that checks to see if $_POST['email'] exists. $_POST is an array that holds data from your form. 'email' is one of your fields in your form.  If it does not exist, it is assumed that the user did not fill out the form, and the script then sends the user over to some page that is held in $formurl, wherever that is.

there isn't anything in those lines of codes that you have supplied that actually has anything to do with your mail() function, so I'm a little unsure as to what it is you are actually asking here...

well, i kinda know what your asking, but that code you just showed isn't really linked to your mail() function, wherever it is.  You're gonna have to show some more code.
Did I help you? Feeling generous? Buy me lunch! 
Please, take the time and do some research and find out how much it would have cost you to get your help from a decent paid-for source. A "roll-of-the-dice" freelancer will charge you $5-$15/hr. A decent entry level freelancer will charge you around $15-30/hr. A professional will charge you anywhere from $50-$100/hr. An agency will charge anywhere from $100-$250/hr. Think about all this when soliciting for help here. Think about how much money you are making from the work you are asking for help on. No, we do not expect you to pay for the help given here, but donating a few bucks is a fraction of the cost of what you would have paid, shows your appreciation, helps motivate people to keep offering help without the pricetag, and helps make this a higher quality free-help community :)

#3 11Tami

  • Members
  • PipPipPip
  • Advanced Member
  • 329 posts

Posted 05 October 2006 - 07:17 PM

Thanks crayon someone else said those don't stop spam at all so I'll just get rid of them. Anyone know the code for stopping the form from being sent if not sent from the form page? Thank you!

#4 alpine

  • Members
  • PipPipPip
  • Advanced Member
  • 756 posts
  • LocationNorway

Posted 05 October 2006 - 09:44 PM

To ensure YOUR form really is the source of POST, you could generate a random string and include it in a hidden field in your form simultaniously as you insert the same random string into a mysql table.
When checking the POST'ed form, match the posted random string against the one stored in mysql --> Match = ok, if not - abort.
Regardless, clean up and delete the string from mysql.

#5 11Tami

  • Members
  • PipPipPip
  • Advanced Member
  • 329 posts

Posted 16 October 2006 - 05:41 AM

Are you still around Alpine? Would if I am doing it in a form without it going to mysql. Anyway to make sure its coming from the form page? Thanks! Tami

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users